Response to Amendment

This Office Action is in response to a communication made on October 17, 2007. 
Claims 1-6, 9, 13, and 15 have been cancelled. 
Claims 1 and 14 have been amended. 

Claims 7-8, 10-12, 14 and 16-17 are currently pending in this application. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 7, 10-12, 14, 16, and 17 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Feigen in view of Coile (6473406), and in further view
of Rothermel (6678827). 

Regarding claim 7, Feigen teaches a method for allowing a client application to 
establish, in a client network, a first connection having a first security level with a first 
port of a server application hosted in a server machine linked to a server network, in 
order to send messages addressed to the server machine, said messages passing from 
the client network to the server network through a network layer of a gateway machine 
(Figure 3, security server is the gateway), the method comprising: 

creating a second port in the gateway machine (Column 4, lines 4-11; where
the second port is the security service); 

rerouting to the second port of the gateway machine, by ordering the network 
layer of the gateway any message sent and addressed to the first port of the server 
machine (Column 4, lines 4-11); 

listening to the second port to detect a request to establish said first connection 
(Column 4, lines 12-19) and; 

generating, in the gateway machine, a thread which establishes said first 
connection (Column 4, lines 22 - 31). 

Feigen does not explicitly indicate that any addressed message to the first port is 
received at the second port, and creating based on the message a connection with the 
first port of the server application or deleting, by ordering the network layer (CR) of the 
gateway machine, any message sent to a third port regardless of a security level of said 
message sent to the third port. 

Coile teaches a system of providing transparent message security and filtering 
which includes any addressed message to the first port is received at the second port, 
and creating based on the message a connection with the first port of the server 
application (Column 8, lines 49 - 67). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Coile's teaching of transparency in Feigen so that the client 
never has to act according to any packet filtering and separate security issues, and only 
operate as if using the first server. 

Rothermel teaches a network security system (Abstract) that includes defining a
third port of the server application and deleting by ordering the network layer of the 
gateway machine any message sent to the third port (Column 12, lines 56 -65; where 
the system blocks network packets going to a specified port). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rothermel's teaching of defining IP addresses and ports 
from being addressed in a network device to protect those devices from certain types of 
undesired connections. 

Regarding claims 10 and 11, Feigen teaches a method according to claims 7 
and 8, wherein said creating and rerouting are executed automatically by a first process 
of the gateway machine and said first process generates a second process that 
executes said listening and generating (Column 4, lines 12 - 31).

Regarding claim 14, Feigen teaches a method for allowing a client application to 
establish in a client network a first connection having a first security level, directly with a 
first port of a server application hosted in a server machine linked to a server network, in 
order to send messages addressed to the server machine, said messages passing from 
the client network to the server network through a network layer of a gateway machine 
(Figure 3, security server is the gateway), the method comprising: 

generating, in the gateway machine, a thread which establishes said first 
connection (Column 4, lines 4-11); and 

activating, in the gateway machine, a secure application proxy that reroutes the 
messages from the first connection, in a way that is transparent to the client application 
(Column 4, lines 4 - 11), so as to establish a second connection having a second
security level with the server application, said second connection being unknown to said 
client application (Column 4, lines 22 - 31), 

wherein said generating is performed in response to the detection of the request 
addressed to the first port of the server application to establish said first connection 
(Column 4, lines 4-11). 

Feigen does not explicitly indicate that any addressed message to the first port is 
received at the second port, and creating based on the message a connection with the 
first port of the server application or deleting, by ordering the network layer (CR) of the 
gateway machine, any message sent to a third port regardless of a security level of said 
message sent to the third port. 

Coile teaches a system of providing transparent message security and filtering 
which includes any addressed message to the first port is received at the second port, 
and creating based on the message a connection with the first port of the server 
application (Column 8, lines 49 - 67). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Coile's teaching of transparency in Feigen so that the client 
never has to act according to any packet filtering and separate security issues, and only 
operate as if using the first server. 

Rothermel teaches a network security system (Abstract) that includes defining a
third port of the server application and deleting by ordering the network layer of the 
gateway machine any message sent to the third port (Column 12, lines 56 - 65; where
the system blocks network packets going to a specified port). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Rothermel's teaching of defining IP addresses and ports 
from being addressed in a network device to protect those devices from certain types of 
undesired connections. 

Regarding claim 12, Feigen teaches a method according to claim 9, further 
comprising automatically executing the steps of creating, rerouting and deleting by a 
first process of the gateway machine and generating by said first process a second 
process that executes the steps of listening and generating a thread (Column 4, lines 12 
-31). 

Regarding claim 16, Feigen teaches a method according to claim 14, further 
comprising: automatically executing said creating and rerouting, by a first process of 
the gateway machine, and generating, by said first process, a second process that 
executes said listening and generating (Column 4, lines 12-31).

Regarding claim 17, Feigen teaches a method according to claim 16, further 
comprising: automatically executing said deleting by said first process of the gateway 
machine (Column 4, lines 12 - 31). 

Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Feigen in view of Coile and Rothermel, and in further view of Winiger
(5845068). 

Regarding claim 8, Feigen teaches a method according to claim 7.

Feigen does not explicitly indicate said thread comprises: 

establishes said first connection in a first phase with the first security level in a 
first interface associated with the second port and with said request; 

establishes in a second phase a second connection with the second level of 
security in a second interface to the third port in the server machine; 

writes with the second security level in the second interface any message read in 
the first interface with the first security level in a third phase, and 

writes with the first security level in the first interface any message read in the 
second interface with the second security level in a fourth phase.

Winiger teaches whereas said thread comprises: 

establishes said first connection in a first phase with a first security level in a first 
interface associated with the second port and with said request (Column 4, line 67 - 
Column 5, line 6); 

establishes in a second phase a second connection with a second level of 
security in a second interface to the third port in the server machine (Column 4, line 67 
- Column 5, line 6, where the system allows a new connection to open and request a 
socket of the server application, if the socket is open it allows a new connection to be 
made at a specified security level, which can be different than a previously opened
socket or port which is operating at a completely separate security layer or label); 

writes with the second security level in the second interface any message read in
the first interface with the first security level in a third phase (Column 5, lines 10-14;
Column 4, lines 44 - 51), and;

writes with the first security level in the first interface any message read in the 
second interface with the second security level in a fourth phase (Column 5, lines 10 -
14; Column 4, lines 44 - 51 where when the system opens a socket at a certain security
level it responds with the response that contains the identification of the security level
in the response header). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to use Winiger's teaching of multiple security classification levels in 
Feigen's system in order to allow certain resources to be accessed by only certain
clearance levels, which increases security and flexibility. 

Response to Arguments 

Applicant's arguments with respect to claims 7 and 14 have been considered but 
are moot in view of the new ground(s) of rejection. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Bates whose telephone number is (571) 272-3980.
The examiner can normally be reached on 9 am - 5 pm.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Glen Burgess can be reached on (571) 272-3949. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Kevin Bates 
October 29, 2007 



